24421 2009-03-06 02:33:59 -0800 CSS from STYLE tag is applied to page even when STYLE element is not in the document 2023-12-29 02:50:41 -0800 1 1 1 Unclassified WebKit DOM 528+ (Nightly build) PC Windows XP RESOLVED CONFIGURATION CHANGED http://ua.zapatec.net/~vanger/webkit-css-innerhtml-bug.html P2 Normal --- 0 b30r4 webkit-unassigned annevk oldest_to_newest 112561 0 b30r4 2009-03-06 02:33:59 -0800 I'm doing pre-parsing of HTML strings before dispaying them to page to cut off forbidden tags. To do this I'm creating element in the DOM but do not add it into main page to not affect page layout, assigning innerHTML to this string and after that processing new DOM tree to delete forbidden elements. After that I'm compressing element content into HTML string and inserting it into page. This works ok with all the browsers but in Webkit I got an error - if HTML string contains <STYLE> tag - CSS rules from that element are applied to main page even if temporary element is not in the main page DOM. See attached example. 112562 1 28354 b30r4 2009-03-06 02:35:30 -0800 Created attachment 28354 example to reproduce an error 112567 2 b30r4 2009-03-06 03:52:44 -0800 Workaround - use createElementNS to create element in different namespace - in this case STYLE won't affect local document. 112568 3 b30r4 2009-03-06 04:32:53 -0800 same problem with <LINK> element - for LINK rel="stylesheet" corresponding CSS file is loaded and applied to the page 112573 4 28357 b30r4 2009-03-06 06:07:47 -0800 Created attachment 28357 XSS 112574 5 b30r4 2009-03-06 06:16:08 -0800 attached new file - XSS attack using this bug. 2002203 6 annevk 2023-12-29 02:50:41 -0800 This seems to be working fine today. 28354 2009-03-06 02:35:30 -0800 2009-03-06 02:35:30 -0800 example to reproduce an error test.html text/html 376 b30r4 PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgVHJhbnNpdGlvbmFs Ly9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL3hodG1sMS9EVEQveGh0bWwxLXRyYW5zaXRpb25h bC5kdGQiPg0KPGh0bWw+PGhlYWQ+PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHNjcmlw dCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPg0KdmFyIGRpdiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1l bnQoImRpdiIpOw0KdmFyIGNvbnRlbnQgPSAiPGRpdj48c3R5bGU+PCEtLSBCT0RZIHsgYmFja2dy b3VuZC1jb2xvcjogcmVkO30gLS0+PFwvc3R5bGU+PFwvZGl2PiINCmRpdi5pbm5lckhUTUwgPSBj b250ZW50Ow0KPC9zY3JpcHQ+DQo8L2JvZHk+PC9odG1sPg== 28357 2009-03-06 06:07:47 -0800 2009-03-06 06:07:47 -0800 XSS test.html text/html 392 b30r4 PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBYSFRNTCAxLjAgVHJhbnNpdGlvbmFs Ly9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL3hodG1sMS9EVEQveGh0bWwxLXRyYW5zaXRpb25h bC5kdGQiPg0KPGh0bWw+PGhlYWQ+PHRpdGxlPjwvdGl0bGU+PC9oZWFkPjxib2R5Pg0KPHNjcmlw dCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPg0KdmFyIGRpdiA9IGRvY3VtZW50LmNyZWF0ZUVsZW1l bnQoImRpdiIpOw0KdmFyIGNvbnRlbnQgPSAnPGRpdj48TUVUQSBIVFRQLUVRVUlWPSJyZWZyZXNo IiBDT05URU5UPSIwO3VybD1qYXZhc2NyaXB0OmFsZXJ0KFwnWFNTXCcpOyI+PFwvZGl2Pic7DQpk aXYuaW5uZXJIVE1MID0gY29udGVudDsNCjwvc2NyaXB0Pg0KPC9ib2R5PjwvaHRtbD4=